geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cristian Roldan <roldan...@yahoo.com.ar>
Subject Security Policy
Date Fri, 10 Feb 2006 14:46:45 GMT
Hi All,
          I  enabled the Security Manager with these parameters "-Djava.security.manager -Djava.security.policy=geronimo.policy",
everything works ok, but the only problem that  I saw was with the Application identification
(number) , if you deploy
an application, Generimo creates a directory config-store/[NUMBER], you must use this number
in the policy file, after a while 
you undeploy and deploy a new version of that application in this case you obtain a new number,
so you must change the policy file.
I think that using a [number] as a deployment directory is not the best solution from the
administration perspective. 
I'm sorry I just give an opinion from the administration point of view maybe there is a design/performace
reason that I can't see.

   
  // --------------------------------------------------------------------------------------
// Permissions for Geronimo V.1.0
// --------------------------------------------------------------------------------------
  // Geronimo gets all permissions
grant codeBase "file:${org.apache.geronimo.base.dir}/lib/-" {
  permission java.security.AllPermission;
};
  grant codeBase "file:${org.apache.geronimo.base.dir}/repository/-" {
  permission java.security.AllPermission;
};
  //----------------------------------------------------------------------
// From here I set the minimun permissions for my Applications
// You must change "23" for you Application number, this number is created
// during deployment phase.
//----------------------------------------------------------------------
  grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/23/-" {
  permission java.lang.RuntimePermission "accessClassInPackage.*";
};
  // ---------------------------------------------------------------------
  grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/1/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/2/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/3/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/4/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/5/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/6/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/7/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/8/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/9/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/10/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/11/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/12/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/13/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/14/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/15/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/16/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/17/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/18/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/19/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/20/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/21/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/22/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/24/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/25/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/26/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/27/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/28/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/29/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/30/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/31/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/32/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/33/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/34/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/35/-" {
  permission java.security.AllPermission;
};
  
 

		
---------------------------------
 1GB gratis, Antivirus y Antispam
 Correo Yahoo!, el mejor correo web del mundo
 Abrí tu cuenta aquí
Mime
View raw message